Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels

Please make a tool to conver regular openvpn configuartion files to your apc/epc format. Without such a tool it is impossible to use an astaro as client for existing openvpn server.

620 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Ruben PüttmannRuben Püttmann shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    65 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • j0nj0n commented  ·   ·  Flag as inappropriate

        Ya, Sophos is okay, but I'm switching back to pfsense at home (has OpenVPN support), and choosing Fortinet for the office.

      • ChrizChriz commented  ·   ·  Flag as inappropriate

        Sophos - do something. People are migrating away from UTM because the Lack of this feature.

      • DucsterDucster commented  ·   ·  Flag as inappropriate

        Since this request is now older than 4 years, I hope this will be finally implemented.

      • DaveDave commented  ·   ·  Flag as inappropriate

        Sophos, this really isn't all that hard to achieve. I understand there may be specific additional options which are outside the parameters of the standard OVPN client configuration files - but why make it so hard to utilise a UTM as an OpenVPN endpoint when UTM itself uses OpenVPN for VPN?

        It really is very simple. Allow a download of a ZIP archive containing both the APC/EPC format AND the OpenVPN client configuration files, and allow for either option in the import. If you export a config from another UTM; upload the entire archive with APE/EPC and ignore the OpenVPN client configuration in the same way UTM works currently. If somebody chooses to import an .OVPN file, then manually request whatever additional information UTM requires to get a working tunnel going.

        Having looked into a .APC file myself I cannot see what possible need there is to enforce this proprietary standard on the users of UTM. I had planned on using the UTM as a private VPN client device in site-to-site mode, but having discovered it is impossible to get it working with a well-known standard configuration file - I am now left to looking for alternatives. I know all too well that behind the scenes UTM simply employs standard OVPN files based upon the APC format - so I really cannot see why this capability would be impossible to achieve.

        With more than twice as many votes as the next VPN feature request, make sure this one is in the next release! I am not the only one entirely frustrated by such a ridiculously pointless proprietary standard on an open source framework.

      • coewarcoewar commented  ·   ·  Flag as inappropriate

        I hate to say it, but you're better off pushing through doing some of this with a Linux server. You can have Astaro up front and then do NAS forwarding of SSL VPN port into another server in your backend to handle it. How exactly to set up the Linux side of that I'm not sure but I'm saying it's worth learning how to do. But we have successfully moved IPSec VPN connections from an Astaro 100% to a Linux server behind it running StrongSWAN. It was just a matter of NAS forwarding the IPSec ports. The beauty of that project was the for the most part, the partners' VPN connections didn't even know about it and kept on humming after reconnecting. We moved about 50 connections.

      • Anonymous commented  ·   ·  Flag as inappropriate

        For where I see we still don't have this feature, we switched from a Linux gateway to sophos UTM because it seemed more trustfull and secure, but we have external offices that used to connect to our old gateway using openvpn, now we can't connect cause there's no way we can connect openvpn clients to UTM in a site-to-site manner.

        HELPPP!!! Already searched through all the astaro forum and no viable solution.

      • Green CloudGreen Cloud commented  ·   ·  Flag as inappropriate

        I vote for any way that allows me to make the UTM a client to a privateinternetaccess.com openvpn server. Seriously Sophos, why are you dropping the ball? People have been asking for this for years upon years according to the almighty Google. I didn't have a single negative comment about the UTM until this, now it's the comment I open with when discussing UTM 9.

      • coewarcoewar commented  ·   ·  Flag as inappropriate

        If you think that's over due, what about the fact that it's still using this version of ipsec?

        Linux strongSwan U4.4.1git20100610/K3.8.13.15-10.gc33dd1e-smp64

      ← Previous 1 3 4

      Feedback and Knowledge Base